input: synaptics_dsx: allocate heap memory for temp buf (6922ad76) · Commits · Android-smartphones / bq / namek / android_kernel_bq_namek

Commit 6922ad76 authored Sep 20, 2016 by Ravi Kumar Siddojigari Committed by Shantanu Jain Oct 05, 2016

input: synaptics_dsx: allocate heap memory for temp buf



There is a possible stack overflow vulnerability in the rmidev_write
function because the stack array size is from user space.
changes to allocate heap memory for the temporary buffer instead of
stack memory to prevent the stack overflow vulnerability.
As discussed under  CVE-2016-3865 and ANDROID-28799389.

Change-Id: I20f639e09aaf3c533c98a12a2413570feae3d6d0
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
Signed-off-by: Shantanu Jain <shjain@codeaurora.org>

parent 619513c8

Hide whitespace changes

Inline Side-by-side

Please register or to comment